cosign-discuss at umich.edu
general discussion of cosign development and deployment
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Self signed certificates?
Cosignd needs to be able to verify the certificate and its signer.
Self-signed certs do not work with Cosign. It is possible, though, to
generate your own CA certificate using openssl and use it to sign
certificates for testing. We actually use a local CA for many of our
production cosign certs. Setting up a CA with openssl is actually
If you send me a CSR directly I'd be happy to bring up a CosignTest CA
and sign it for you.
On Apr 2, 2004, at 9:03 PM, Raymond W. Lucke IV wrote:
I am trying to set up my own cosign server and login server, and am
trying to make it work with a self-signed certificate for now. I am
wondering what it takes for me to get this to work. It would seem that
nothing I try seems to work. I get the following error:
failedcosign_choose_conn: no connection to servers.
I read in your documentation that SSL errors are some of the most
difficult, and I have tried just about every variant of self signing I
could do. Sorry if what I am asking sounds vague.
And even when I go to get a certificate signed by a Thawte or
somebody, is that something that really is beneficial?
Thawte, VeriSign and 2-year Comodo certs should all work. Entrust
certs do not have client capabilities so they do not work. If you use
a commercially signed cert (or a cert signed by your own CA, for that
matter) you just need to make sure that a copy of the CA cert is in
cosign's CA directory (on both the client & server) and that you've run
c_rehash on that directory.